Remarks

Claims 1-85 are pending in the present application, with claims 1-44 being 
withdrawn. Claims 45-85 have been rejected. 

Rejection under 35 U.S.C. § 103 (Obviousness)
Claims 45-48, 52, 53, 55 and 85 were rejected under 35 U.S.C. § 103(a) as being
obvious over Sung-Do Chi et al. in view of Apostal D. et al. This rejection is respectfully
traversed.

In ex parte examination of patent applications, the Patent Office bears the burden of
establishing a prima facie case of obviousness. MPEP § 2142, p. 2100-127 (8th ed. rev. 5
Sept. 2007). Absent such a prima facie case, the applicant is under no obligation to produce
evidence of nonobviousness. Id. The key to supporting any rejection under 35 U.S.C. 103 is
the clear articulation of the reason(s) why the claimed invention would have been obvious.

The Supreme Court in KSR International Co. v. Teleflex Inc., 550 U.S. ___, ___, 82 USPQ2d
1385, 1396 (2007) noted that the analysis supporting a rejection under 35 U.S.C. 103 should
be made explicit. Id. The Federal Circuit has stated that "rejections on obviousness cannot be
sustained with mere conclusory statements; instead, there must be some articulated reasoning
with some rational underpinning to support the legal conclusion of obviousness." In re Kahn,
441 F.3d 977, 988, 78 USPQ2d 1329, 1336 (Fed. Cir. 2006). See also KSR, 550 U.S. at ___,
82 USPQ2d at 1396 (quoting Federal Circuit statement with approval). Id.

To support an obviousness rejection, MPEP § 2143.03 requires "all words of a claim to be
considered" and MPEP § 2141.02 requires consideration of the "[claimed] invention and prior art
as a whole." Further, the Board of Patent Appeals and Interferences recently confirmed that a
proper, post-KSR obviousness determination still requires the Office make "a searching
comparison of the claimed invention — including all its limitations — with the teaching of the
prior art." In re Wada and Murphy, Appeal 2007-3733, citing In re Ochiai, 71 F.3d 1565, 1572
(Fed. Cir. 1995) and CFMT v. Yieldup Intern. Corp., 349 F.3d 1333, 1342 (Fed. Cir. 2003). In
sum, it remains well-settled law that an obviousness rejection requires at least a suggestion of all
the claim elements.

Because the obviousness rejection ignores the following claim elements of claims 45 and
83, the applicant is of the opinion that the obviousness rejection is improper.

Independent claims 45 and 83 include various limitations of a method and a device, 
respectively, for analyzing the security of an information system, directed to components of 
the system and to their behaviour and status during a phase simulating potential attacks, 
based on modelled behavioural rules. In particular, claim 45 recites, inter alia, (i) "the
specification of a set of behavioural rules, from the standpoint of the operation of the system
and from the standpoint of security" during a modelling phase. It further recites (ii) "each
component being associated with at least one state initialized with a sound value" and (iii)
"a successful attack causing a state of a component to pass to an unsound value" during a
simulation phase.

These features are interrelated and allow several advantages. In particular, the claim 
further recites that each behavioural rule comprises one or more predicates, which may thus 
take into account the current state of one or more components (see, for instance, description 
page 15, lines 8-12, and page 19, lines 10-15). According to the claimed invention, the state
of a component must be construed as defining its status in relation to the security of the
system. This interpretation is consistent with the recitation, in the independent claims, of "at
least one state initialized with a sound value", and of the state of a component being passed to
an "unsound value" responsive to a successful attack. Further examples of such unsound
states of components are given in the description as being: weakened, degraded and
dangerous (see Table II, page 14, ACID states).

Applicant submits that each of the cited references fails to disclose at least the
aforementioned limitations. For example, although the applicant does not contest that
Sung-Do Chi et al. discloses network security modelling and simulating, it is submitted that this
reference fails to disclose any specification of a set of behavioural rules both from the
standpoint of the operation of the system and from the standpoint of security, in the meaning
of the claimed invention. On the contrary, chapter 3 of Sung-Do Chi et al. teaches that
network security simulation systems are organized within a set of layers that characterizes
their design structure, as shown in Fig. 1 of Sung-Do Chi et al. This layered approach cannot
be easily defined, based on the current understanding of the disclosure in this reference. What
is clear, however, is that Sung-Do Chi et al. fails to disclose behavioural rules associated with
the components of the system, which each comprise one or more predicates and/or one or
more actions as claimed.

The Examiner also refers to various passages of Sung-Do Chi et al. wherein "states"
are mentioned, whereas this use of the word "states" is nowhere comparable to the claimed
notion of a security status. For instance, in page 325 of Sung-Do Chi et al. (fifth line from the
bottom of page 325), "state variables" are defined as being either service type, hardware
(H/W) type, or Operating System (O/S) type. Further, in page 327, lines 3-6, reference to
"current states" in Table 1 must be understood as describing a Unix pre-condition, i.e., a
condition for executing the command, like "check the file existence" (see Table 1). Similarly,
"next states" refer to changed properties after command execution, such as directory
attributes, file attributes and permission attributes. None of the features so defined by use of
the word "state" in the Sung-Do Chi et al. reference has anything to do with the claimed state
of a component within the context of the claimed security modelling and simulation. In
particular, they do not relate to a state of a component of a system which can take a "sound"
or "unsound" value.

The same kind of remarks applies to Apostal et al. which, according to the Examiner,
would teach the limitation of "each component being associated with at least one state
initialized with a sound value". Indeed, there is absolutely no support in Apostal et al. for the
Examiner's interpretation that the "state information for all clients" as disclosed in Apostal et al.
corresponds to the claimed security status ("state") of each component of the system. According
to Apostal et al., the clients are services, that is to say Operating System
(OS)/protocol/application program [see page 217, left-hand column, lines 9-10] executing on
specific nodes. The state of any of the services on a node under attack can be changed by one or
more effects produced by the service table (see page 218, left column, 10-12). It is the
applicant's view that the possible values of the "state" of a service according to Apostal et al.
may be "installed/uninstalled" and/or "active/inactive". This interpretation is based on the
teaching in page 216, right-hand column, lines 7-11 (Configuration table), and in page 221, left
column, lines 1-5, of Sung-Do Chi et al. It is consistent with the teaching in Apostal et al.,
whereas the interpretation by the Examiner seems to result from his analysis by hindsight of the
reference. However, there is no disclosure or suggestion in Apostal et al. of these states relating
to the vulnerability of a device based on the simulated attack.

In addition to the above reasoned statement why the applicant believes the Examiner
has erred substantially as to the factual findings, it is submitted that the rejection lacks a clear
articulation of the reason(s) why the claimed invention would have been obvious. MPEP §
2142, p. 2100-127 (8th ed. rev. 5 Sept. 2007).

The Supreme Court in KSR International Co. v. Teleflex Inc., 550 U.S. ___, ___, 82
USPQ2d 1385, 1395-97 (2007) identified a number of rationales to support a conclusion of
obviousness which are consistent with the proper "functional approach" to the determination
of obviousness as laid down in Graham. The key to supporting any rejection under 35 U.S.C.
103 is the clear articulation of the reason(s) why the claimed invention would have been
obvious. The Supreme Court in KSR noted that the analysis supporting a rejection under 35
U.S.C. 103 should be made explicit. MPEP § 2143, p. 2100-128 (8th ed. rev. 5 Sept. 2007).

For the reasons set out above, it is respectfully submitted that the Examiner has not
satisfactorily demonstrated that subject-matter recited in the independent claims 45 and 83 is 
obvious over any combination of prior art references. 

The remaining claims have been rejected as obvious over any combination of Sung-Do 
Chi et al., in view of Apostal D. et al., Rietchey et al., Gupta et al., Dowd, Cohen, Pitchaikani et
al. and Swiler et al. However, these claims are dependent claims that depend directly or
indirectly on independent claims 45 or 83. Therefore, they are likewise allowable based on at 
least the same reasons and based on the recitations contained in each dependent claim. 

SUMMARY 

In light of the above remarks, Applicant respectfully submits that all of the claims
pending in the application are now clearly allowable. Favorable consideration and a Notice of 
Allowance are earnestly solicited. 

If the undersigned attorney has overlooked a teaching in any of the cited references 
that is relevant to the allowability of the claims, the Examiner is requested to specifically 
point out where such teaching may be found. Further, if there are any informalities or
questions that can be addressed via telephone, the Examiner is encouraged to contact the 
undersigned attorney at (312) 263-4700. 
Reconsideration and allowance of the foregoing claims are respectfully requested.

Deposit Account Authorization

The Commissioner is hereby authorized to charge any deficiency in any amount enclosed or
any additional fees which may be required during pendency of this application under 37 CFR
1.16 or 1.17, except issue fees, or credit any overpayment, to Deposit Account No. 50-1903.

Respectfully submitted, 

McCracken & Frank LLP 

Attorneys at Law 

311 S. Wacker, Suite 2500 

Chicago, IL 60606

(312) 263-4700

Customer No: 29471 



By: 

December 5, 2008 J. William Frank, III 

Reg. No. 25,626